PT-2009-5966 · VMware · VMware Player+3

Published: 2009-10-16 · Updated: 2024-02-14 · CVE-2009-3707

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

VMware Workstation versions 7.0 through 7.0.0 before build 227600
VMware Workstation version 6.5.x through 6.5.3 before build 246459
VMware Player versions 3.0 through 3.0.0 before build 227600
VMware Player version 2.5.x through 2.5.3 before build 246459
VMware ACE versions 2.6 through 2.6.0 before build 227600
VMware ACE version 2.5.x through 2.5.3 before build 246459
VMware Server version 2.x

Description

The issue allows remote attackers to cause a denial of service, resulting in a process crash, by sending a specific sequence, \x25\xFF, in the USER and PASS commands. This is related to a format string DoS issue.

Recommendations

For VMware Workstation versions 7.0 through 7.0.0 before build 227600, update to build 227600 or later.
For VMware Workstation version 6.5.x through 6.5.3 before build 246459, update to build 246459 or later.
For VMware Player versions 3.0 through 3.0.0 before build 227600, update to build 227600 or later.
For VMware Player version 2.5.x through 2.5.3 before build 246459, update to build 246459 or later.
For VMware ACE versions 2.6 through 2.6.0 before build 227600, update to build 227600 or later.
For VMware ACE version 2.5.x through 2.5.3 before build 246459, update to build 246459 or later.
For VMware Server version 2.x, update to a version that is not affected by this issue.

Exploit

Fix

DoS

Use of Externally-Controlled Format String

Weakness Enumeration

Related Identifiers

CVE-2009-3707

Affected Products

VMware ACE
VMware Player
VMware Server
VMware Workstation